Message-ID: <016301c23957$7d8436f0$9600a8c0@blraddrcom>
From: "Naga Suresh B"
To: "Christoph Wegener"
Subject: Re: openssh-3.4p1.tar.gz trojaned
Date: Thu, 1 Aug 2002 18:02:22 +0530
Sender: owner-freebsd-security@FreeBSD.ORG

How can we find out whether the trojan attacked our server or not?

----- Original Message -----
From: "Christoph Wegener"
To: "Mario Pranjic"
Sent: Thursday, August 01, 2002 5:53 PM
Subject: Re: openssh-3.4p1.tar.gz trojaned

> Hi again,
> yes you are right: I agree that the version on the ftp-server must have been changed during the last 24 hours - so you _might_ be safe...
> But who can guarantee that... :(( AFAIK: if you do not have the trojan in the original tarball this is a good indicator for being safe...
>
> Just my 2 cents...cheers
> Christoph
>
> 1.8.2002 13:40:56, Mario Pranjic wrote:
>
> >Of course. I understand that.
> >
> >But, I wanted your opinion about the openssh that I installed yesterday (or
> >the day before, not so sure right now).
> >
> >It has the right md5 checksum and no trojan file in tarball.
> >
> >If I got it right, openssh source tarball has changed in past 24 hours on
> >ftp.openbsd.org and that one is infected.
> >
> >If so, I installed the clean version before the one with trojan was put on
> >ftp server.
> >
> >We'll see what the maintainer will say about it (dinoex@FreeBSD.org).
> --
>  .-.                       Ruhr-Universitaet Bochum
>  /v\   L I N U X           Lehrstuhl fuer Biophysik
> // \\  >Penguin Computing< c/o Christoph Wegener
> /(   )\                    Gebaeude ND 04/Nord
>  ^^-^^                     D-44780 Bochum, GERMANY
>
> Tel: +49 (234) 32-25754    Fax: +49 (234) 32-14626
> mailto:cwe@bph.ruhr-uni-bochum.de    http://www.bph.ruhr-uni-bochum.de
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
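
As an added example (not part of the original messages): the check discussed in the thread, a matching checksum and no unexpected file in the tarball, written as a Python script that compares a downloaded tarball with a digest and per-file manifest recorded from a trusted copy. It uses SHA-256 rather than the MD5 mentioned in the thread; the sample tarballs and file names are constructed, and `build_tarball`, `member_digests` and `audit` are hypothetical helper names.

```python
import hashlib
import io
import tarfile

def build_tarball(members):
    """Build a gzip tarball from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in sorted(members.items()):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def member_digests(blob):
    """Map every regular file inside the tarball to its SHA-256 digest."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                data = tar.extractfile(member).read()
                digests[member.name] = hashlib.sha256(data).hexdigest()
    return digests

def audit(blob, pinned_digest, manifest):
    """Compare a tarball with the digest and file manifest of a trusted copy."""
    found = member_digests(blob)
    shared = found.keys() & manifest.keys()
    return {
        "digest_ok": hashlib.sha256(blob).hexdigest() == pinned_digest,
        "added": sorted(found.keys() - manifest.keys()),
        "removed": sorted(manifest.keys() - found.keys()),
        "modified": sorted(n for n in shared if found[n] != manifest[n]),
    }

# Constructed sample data (hypothetical names, not the real OpenSSH tarball).
CLEAN_FILES = {"pkg-1.0/configure": b"#!/bin/sh\necho ok\n",
               "pkg-1.0/Makefile.in": b"all:\n"}
TAMPERED_FILES = dict(CLEAN_FILES)
TAMPERED_FILES["pkg-1.0/configure"] += b"# changed line\n"
TAMPERED_FILES["pkg-1.0/extra/added.c"] = b"int main(void){return 0;}\n"

CLEAN = build_tarball(CLEAN_FILES)
TAMPERED = build_tarball(TAMPERED_FILES)
PINNED = hashlib.sha256(CLEAN).hexdigest()   # recorded from the trusted copy
MANIFEST = member_digests(CLEAN)             # per-file digests of the trusted copy

if __name__ == "__main__":
    print("clean:   ", audit(CLEAN, PINNED, MANIFEST))
    print("tampered:", audit(TAMPERED, PINNED, MANIFEST))
```

The pinned digest and manifest are only as trustworthy as the channel they came from, so they should be obtained separately from the server that hosts the tarball.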